If you’ve ever misspelled a URL, you may have visited a website registered by cybercriminals. John Garcia, Information Security Manager at Pixel Health, discussed this form of cybercrime, called typosquatting, and shared how IT teams in healthcare can help protect users and sensitive patient data.
“As the name suggests, typosquatting is the practice of creating a fake website that looks identical to a popular website. The URL of the fake website will have an easy-to-miss typo, perhaps an extra dash or switched characters,” explained John.
Spelling errors can happen to anyone. But once a user visits a misspelled URL, a cybercriminal could attempt any number of scams. Possible scenarios include:
- Selling items/services similar to the original site
- Stealing credit card information
- Getting a username and password
- Notifying the user of an “account error” and prompting them to call the cybercriminals for “support”
- Requesting remote access to a device and installing malware
- Asking the user to download files or providing a link for a download
Recognizing typosquatting
“Typosquatting poses a significant challenge in terms of detection. I’ve seen people in healthcare be misled into thinking they are accessing authentic websites,” said John. “Some cybercriminals often exploit this by boosting their fraudulent sites in search engine rankings, appearing among the top results. This tactic preys on users’ tendencies to trust and click on the first link they see, without reviewing the URL, which can lead to serious security risks.”
However, a few small details may call out typosquatting. John recommends:
- Double-checking the URL of a website, especially the letters at the end of the domain, such as .com or .net, called the top-level domain (TLD)
- Noticing if there are any misspelled words on the page
- Looking at the contact information in the webpage footer
- Checking if hyperlinks work
- Bookmarking often-used websites that have been verified as legitimate
“With the more sophisticated typosquatting websites, it can be challenging to tell the difference if you’re not paying attention,” he added.
A common scenario in typosquatting
In the scenario where a user calls a fake support line after receiving a login error, users should be trained to be vigilant and to recognize the common warning signs of a scam, which can include:
- Requests for a username/password
- Requests for remote access to a device/account
- Any type of urgent, time-sensitive requests
Keeping healthcare users safe
At the technology level, a multi-layered security approach can be taken to protect healthcare workers from falling prey to scams through typosquatting. This includes:
- Performing web filtering or blocking through security software, which aggregates data on known malicious activity from certain IP addresses
- Filtering websites at the firewall level as an additional layer of protection
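The URL checks John recommends above (look at the TLD, watch for an extra dash or switched characters, bookmark verified sites) and the filtering layer described in this section can both be expressed as one small allowlist check. The following is an added example, not code from the article or from Pixel Health: it keeps a constructed allowlist of domains an organization has verified (placeholder names, not real domains), extracts the hostname from a URL a user is about to visit or that a filter sees, and flags hostnames that merely resemble a verified domain through a TLD swap, a dash, a small edit distance, or the verified name embedded in a longer domain. The allowlist, the distance threshold and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organization has verified as legitimate
# (placeholder names, not real Pixel Health domains).
VERIFIED_DOMAINS = {"examplehealth.com", "patientportal.example.org"}

# Maximum edit distance at which a hostname counts as a near-miss of a
# verified domain. A tunable assumption, not a value from the article.
MAX_DISTANCE = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions or
    substitutions needed to turn a into b (a swapped pair costs 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete ca
                           cur[j - 1] + 1,            # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Lowercase hostname of a URL; tolerates a missing scheme and a www. prefix."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def split_tld(host: str):
    """Split 'examplehealth.com' into ('examplehealth', 'com'). The last label
    is treated as the TLD; multi-label suffixes such as co.uk are not special-cased."""
    name, _, tld = host.rpartition(".")
    return (name, tld) if name else (tld, "")


def classify_url(url: str) -> dict:
    """Return a verdict of 'verified', 'suspected-typosquat' or 'unknown' for url."""
    host = hostname_of(url)
    # Exact match, or a subdomain of a verified domain, is allowed.
    for domain in VERIFIED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return {"host": host, "verdict": "verified", "matches": domain,
                    "reason": "allowlisted"}
    hname, htld = split_tld(host)
    for domain in VERIFIED_DOMAINS:
        name, tld = split_tld(domain)
        reason = None
        if hname == name and htld != tld:
            reason = f"tld-swap (.{htld} instead of .{tld})"
        elif hname != name and hname.replace("-", "") == name.replace("-", ""):
            reason = "extra or missing dash"
        else:
            dist = edit_distance(hname, name)
            if dist <= MAX_DISTANCE:
                reason = f"near-miss (edit distance {dist})"
            elif name in hname:
                reason = "verified name embedded in a longer domain"
        if reason:
            return {"host": host, "verdict": "suspected-typosquat",
                    "matches": domain, "reason": reason}
    return {"host": host, "verdict": "unknown", "matches": None,
            "reason": "no resemblance to a verified domain"}


if __name__ == "__main__":
    # Constructed sample URLs: one legitimate, several look-alikes, one unrelated.
    for sample in ("https://www.examplehealth.com/login", "https://examplehealth.net/login",
                   "https://example-health.com", "https://exmaplehealth.com",
                   "https://examplehealth-support.com", "https://python.org"):
        print(sample, "->", classify_url(sample))
```

A "suspected-typosquat" verdict is the one worth acting on: a web filter can block it or show a warning, and a "unknown" verdict is simply a site outside the allowlist, which is where John's point about balance applies, since blocking everything unknown would stop staff reaching resources they need.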
John stressed that finding a balance is important so that healthcare workers can still perform their daily jobs.
“If you block too many sites, your system may be safer but then employees can’t access the resources they need,” he explained. “It is helpful for an organization to narrow down the content that is allowed to balance security with operational efficiency.”
“Ultimately, our security efforts at Pixel Health are centered around protecting personal health information (PHI). Through education and technology, we work to avoid the worst-case scenarios of ransomware, compromising PHI, or any other data breach in a healthcare system.”
Pixel Health offers the KnowBe4® solution, which provides customizable, targeted training to keep employees up to date on best practices in cybersecurity. Get in touch to learn more about how our team can help reduce your security risks—and keep your employees and data safe.